基于物联网技术的智能电网数据安全问题研究进展

为了保护智能电网设备中的核心数据与用户的个人隐私,分布式计算和同态加密等多项物联网安全技术逐渐受到了关注。近年来,物联网技术的发展推动了电网智能化的快速普及,而智能电网的应用又促进了物联网技术的更新。文中通过介绍智能电网所面临的多种攻击方法,回顾、梳理了智能电网数据安全问题的研究背景和现状。在此基础上,探讨与分析了虚假数据注入攻击及个人隐私保护问题的定义,展望了智能电网数据安全技术未来的研究方向和思路。     

移动互联服务与隐私保护的研究进展

随着宽带无线接入技术和移动终端技术的飞速发展,人们迫切希望能够随时随地从互联网获取信息和服务,移动互联网应运而生并迅猛发展。然而,由于云计算平台、移动通信网络和移动终端的开放性,传统互联网服务中信息传播和管控机制不再适应于移动互联网,信息安全和用户隐私保护已经成为移动互联网用户迫切关心和亟待解决的问题。结合国内外移动互联网发展的最新趋势,对移动互联网服务和隐私保护方面的研究进行了展望。首先对当前移动互联网服务模型和移动互联网服务架构进行了评述;其次对当前的移动互联网数据传播控制机制以及隐私保护机制进行了分析和讨论;最终给出了一些潜在的研究热点,为未来研究工作指明方向。     

Beyond the privacy paradox: The moderating effect of online privacy concerns on online service use behavior

In the digital information era, dealing with privacy issues is problematic in related research since online activities have become an inevitable trend. Following the privacy paradox, which occurs when online services are increasingly accepted or used despite raising the level of privacy concerns of individuals, there is no need to alleviate individual privacy concerns regarding online services. Accordingly, this study aims to empirically analyze the effect of online privacy concerns, when interacting with individual innovativeness, on individual online service use behavior. For the empirical analysis, a Heckman two-step analysis is performed using South Korean data from the 2019 Korea Media Panel Survey conducted by the Korea Information Society Development Institute. The results provide evidence in contradiction of the privacy paradox. Specifically, the main findings of this study are as follows. First, use of online services and privacy concerns are not a contradictory phenomenon both in principle and behavior but can act as a negative influence or constraint. Second, individuals with high levels of innovativeness actively use online services owing to differences in their acceptance and use of innovation. Third, as online activities become more common, privacy concerns are likely to affect the level of online service use by interacting with other personality traits. As a result, privacy concerns are more likely to act as an influencing variable that moderates the degree or intensity of an individual's use of an online service rather than an independent variable for the use of an online service. The impact of privacy concerns of individuals on the use of online services identified in this study suggests there is a need for an adequate governing mechanism for privacy protection to realize service provision through e-government.     

Breakthrough in privacy concerns and lawful access conflicts

The widespread use and misuse of communication systems, especially in the era of speedy transmission of audio/visual information facilitated by the World Wide Web, creates a need for the regulation of information flow. This is in order to ensure a high level of consistency in information security and integrity. On the other hand, ensuring that users have access to security techniques that meet their needs, so that they can trust in the security of information and communications systems while maintaining the confidentiality and integrity of data on such systems, is a must. For example, in many countries, law enforcement can lawfully access stored data or intercept communications under certain conditions. The important law enforcement tools necessary to carry out these exercises could be hampered by the use of uncontrolled cryptography, which may prevent lawful access to either plaintext or cryptographic keys of encrypted data. The privacy and integrity of data on communications systems are of vital importance. This paper addresses the issue at stake in communication security and the user's right to information on legal and social ramifications. This work describes how vital security techniques may be to information technology especially in the Internet era and how there could be a balance to individual privacy [Computers System and Network Security: Principles and Practice, 1999] and public safety in communication. This is one of the most essential issues at stake in communication security. It evaluates the threat caused by intrusion/violations of privacy rights by law enforcement agents and presents a better strategy of how crime can be traced and how criminals might be arrested by law enforcement agents without violating users' privacy rights. We propose an idea called SPLC – solution to privacy and lawful access conflict. SPLC realizes/instills online users' confidence and makes the Internet a fraud-free environment for e-commerce and other online activity.     

Situational user consent for access to personal Information: Does purpose make any difference?

Privacy literature in recent years has emphasized the role of context and situation in individuals' privacy regulation. While most research is focused on understanding situational effects on self-disclosure, the role of situational factors in users’ decision to consent for third-party access to information, a common practice with significant privacy implications, has been barely investigated. The current study bridges this gap by adopting the framework of situational privacy to examine the effect of the purpose for information collection on participants' consent. An online experiment examined users' consent to allow access to their Facebook profile to an unknown entity, with requests distinguished by the framing of the purpose for collecting information as related to security, commercial or academic research. Contrary to the study’s hypothesis, consent rate was similar between groups and purpose was non-significant in explaining participants’ decisions. Furthermore, in all three groups- compensation amount and general willingness to disclose information explain user consent, regardless of purpose. However, some specific factors significantly correlate with consent in each group separately. The study concludes that due to blurring boundaries and uncertainties regarding real uses of information, when it comes to consent for third-party access, predetermined attitudes and preferences are main factors influencing users’ decisions, thus a situational framework is partly adequate for explaining variations in user consent decisions.     

Research progress on location privacy-preserving techniques

While providing plenty of convenience for users in daily life, the increasingly popular location-based ser-vice(LBS) posed a serious threat to users' privacy. The research about privacy-preserving techniques for LBS is becoming a hot spot, and there are a large number of research results. First, background information of privacy protection for LBS was introduced, including application scenarios of LBS, the LBS framework, objects of privacy protection and system architectures of privacy protection. Second, adversary models and metrics for privacy protection in LBS was discussed. Third, four types of privacy-preserving techniques based on generalization and obfuscation for LBS were analyzed and summarized thoroughly. Finally, the potential research directions for privacy-preserving techniques for LBS in the future were shown.     

物联网移动RFID系统匿名访问控制认证密钥交换协议

针对物联网移动RFID系统标签隐私信息的访问控制以及用户身份隐私保护问题,本文采用身份加密和属性加密相结合的方法,建立了IB-AB-eCK安全模型,设计了基于身份及属性的认证密钥交换协议IB-AB-AKE。基于IB-AB-AKE协议,提出了移动RFID手机与信息服务器之间认证密钥交换协议,实现了在保护移动RFID手机用户身份隐私的同时,根据标签所有者定制的访问控制策略进行标签信息的访问控制认证和会话密钥交换,防止了隐私信息被非法访问。分析表明,IB-AB-AKE协议在IB-AB-eCK模型下是安全的,且在通信次数、通信量及计算量方面具有优势。      

Consumers’ attitudes toward information security threats against connected and autonomous vehicles

Connected and autonomous vehicles (CAVs) and intelligent transport systems are transforming individual driving behavior and thus, the vehicle industry and transport sector. However, increasing vehicle connectivity makes CAVs more susceptible to cyber-attacks, which is a barrier to consumers’ CAV adoption. This study analyzes the types of information security threats consumers consider to be the most dangerous and consumer preference for the information security solution that protects their CAVs from such information security threats. We use stated preference data from a discrete choice experiment and a mixed logit model to reflect consumers’ heterogeneity on information security threats and solutions. Furthermore, we investigate the effects of experiencing privacy leakage on attitudes toward CAV information security threats by dividing respondents into two groups. The results show that consumers regard communication failure and the unauthorized collection of personal information as dangerous information security threats, which implies that confidentiality and availability are more essential to CAV security than other factors. Moreover, convenience of use, such as having automatic updates and a security dashboard, is also important when purchasing a CAV information security solution. We also find that respondents who have experienced privacy leakage have a higher preference for protecting CAVs from information security threats than those who have not.     

Human personality privacy analysis based on visual features

Personalized recommendation in social media attempts to analyze the habits and personality based on the loca-tion information and pictures from the users' comments on the public platform. This is very useful for personalized in-formation recommendation. But from perspective of privacy protection, this will affect the privacy security. A novel hu-man personality privacy analysis method based on portrait was proposed. By analyzing the personality model of the psy-chology, five visual features were proposed, including color features, texture features, shape features, Itten contrast fea-tures and expression features. Comprehensive experiments demonstrate the effectiveness of the proposed method. Further, the features analysis experiment show that the proposed features are very relevant to human personality privacy analyz-ing.     

Dynamic game and reliable recommendation based transferring reputation mechanism for mobile cloud computing

The booming development of the mobile internet and cloud computing leads to the emerging of many mobile cloud platforms based services.However,since mobile users store lots of data and privacy information in the cloud when they are using the mobile cloud services,they are facing multiple increasingly serious security threats such as data leaks and privacy exposures.The data security and privacy protection was investigated in mobile cloud computing,aiming at the internal bad mouthing attacks and mobile attacks.A dynamic game and reliable recommendation based transferring reputation mechanism was proposed.First,a dynamic game based recommendation incentive mechanism was proposed.Secondly,a reliable recommendation reputation evaluation model was established based on the incentive mechanism.Last,a novel transferring reputation mechanism was proposed that combined the above mentioned incentive mechanism and reputation evaluation model.Simulation results demonstrate the proposed transferring reputation mechanism can defend against the internal bad mouthing attacks and mobile attacks effectively,enhance the credibility of mobile terminals and improve the data security and privacy protection of mobile cloud services.     

Migration stress,risky Internet uses,and scam victimization: An empirical study among Chinese migrant workers

In China, Internet scams against migrant workers have grown increasingly prevalent. This study uses routine activity theory and uses and gratifications theory to investigate how migration stress affects susceptibility to risky internet use and scam-related outcomes among Chinese migrant workers. The present study utilized a survey of 543 migrant workers. Findings revealed that migration stress was a significant predictor of engaging in risky online leisure activities, risky online shopping, privacy disclosure, and a lack of protective measures. The failure to adopt protective behaviors and engagement in risky online leisure activities, online loaning, and privacy disclosure were also found to increase migrant workers’ exposure to scam information and victimization. Study results sheds light on the impact of migration stress on the online behavior of migrant workers in China and provides insights into protecting them from Internet scams. Our findings may inform the development of interventions aimed at preventing online scams against migrant workers and promoting safer Internet use.     

ChildShield: A rating system for assessing privacy and security of internet of toys

The wave of IoT has spread across the toy market providing designers opportunities for bringing innovation into children’s play in the form of toys that can adapt, connect and communicate referred to as Internet of Toys (IoToys). Research and media reports have underscored the potential misuse by threat actors for surveillance, theft of children’s personal information, opening a covert channel of communication with children and influencing their thoughts and actions. Currently there is a lack of standard labelling system for internet safety of toys that makes it difficult for parents to make the right choice while purchasing. Consumer awareness is critical in this area because of the vulnerability of children, who are the ultimate users. This research identifies the factors affecting privacy and security of IoToys and proposes a methodology for evaluation of toys based on these factors. ChildShield, a privacy and security label, has been recommended as a communication tool between toy manufacturers and consumers.     

融合显/隐式信任协同过滤算法的差分隐私保护

融合显/隐式信任关系的社会化协同过滤算法TrustSVD在推荐系统中有广泛的应用,但该算法存在用户隐私泄漏的风险.基于背景知识的用户个人隐私信息推断是当前Internet用户隐私信息泄漏的巨大隐患之一,差分隐私作为一种能为保护对象提供严格的理论保证的隐私保护机制而备受关注.本文把差分隐私保护技术引入TrustSVD中,提出了具有隐私保护能力的新模型DPTrustSVD.理论分析和实验结果显示,DPTrustSVD不仅为用户的隐私信息提供了严格的理论保证,而且仍然保持了较高的预测准确率.     

Towards the creation of a profile of the information privacy aware user through a systematic literature review of information privacy awareness

In today’s Internet reliant services, the issue of users’ information privacy awareness is being raised. Despite the fact that in many cases internet users claim to be cognizant of privacy issues, they tend to jeopardize their privacy and take no actions to protection it. This paper reports a systematic literature review of existing studies related to Internet users’ information privacy awareness, towards enhancing respective initiatives and defining the attributes that a user should have so as to be privacy aware. We created a five-concept classification framework for the research topics that the academic community raises as important to be further investigated and the main challenges inhibiting information privacy awareness, and we classified all the selected papers according to this framework. Based on the analysis of the literature, we identify five main attributes that constitute a “Profile for the Information Privacy Aware User”, stemming from the classification framework, and further, we suggest the way this profile can be beneficial for internet users, Internet providers and designers of privacy awareness enhancing technologies. Additionally, we highlight research gaps and we provide useful insights for future research, such as the need for a concrete definition (theme 1), the need for the proposal of privacy preventive technologies (theme 3 and 4) and the need for investigation of information privacy awareness in multiple contexts (theme 5).     

移动医疗应用程序的数据隐私和安全性分析

随着移动医疗应用程序的普及,其数据隐私和安全问题引起了广泛关注。文中对当前移动医疗应用中的数据隐私和安全现状进行了分析,探讨了数据处理方式、面临的安全挑战、影响数据隐私和安全的因素以及风险评估机制。此外,还研究了技术和法规的双重影响,用户行为对数据安全的影响以及当前数据保护的最佳实践。结合这些分析,文中提出了一系列面向未来的策略和建议,旨在提升移动医疗应用的数据保护能力。     

基于位置语义的路网位置隐私保护

移动用户在享受基于位置的服务（LBS）的同时受到位置隐私泄露的威胁,因而提供有效的位置隐私保护策略至关重要。传统的位置隐私保护方法主要采用空间匿名的方式,若攻击者获得了更多与匿名空间相关的背景知识,尤其是与位置相关的语义信息,就会严重降低匿名效果。为了防止由位置语义分析造成的敏感位置信息泄露,并根据移动用户活动范围大多限定为道路网络的特点,提出一种基于位置语义的路网位置隐私保护方法,充分考虑了用户的个性化隐私需求,并通过实验验证了方法的可行性及有效性。     

基于几何变形的大数据安全隐私保护方法

隐私保护已经成为大数据安全的重要研究内容之一。在分析了影响大数据安全隐私三个方面的基础上,提出了一种基于几何变形的大数据安全隐私保护方法。该方法从数据源的角度出发,使用几何变形的方法对数据进行干扰,使得数据聚类算法失效或分析得出错误的结果,从而达到大数据安全隐私保护的目的。在实际使用中,该方法效果良好。     

Web用户行为模式挖掘研究

随着互联网的飞速发展,互联网和人们日常的生活、工作、学习等各方面的结合越来越紧密,为使互联网更好的服务于用户(通过Web个性化服务等方式),首先需要了解用户使用互联网的规律性特点,基于Web日志的Web用户行为模式挖掘能解决此问题.目前,Web用户行为模式挖掘仍然是一个新兴的研究领域,其中包含若干需要解决的问题.针对这些问题,在该领域已开展了大量的研究工作.从模式挖掘合理性、模式挖掘结构体系、模式挖掘过程三个方面对Web用户行为模式挖掘中关键问题的研究现状进行了介绍:Web日志中包含了用户访问互联网的一些规律性特征,这些特征可通过Web用户行为模式挖掘的方法得到;为改进模式挖掘、应用的效果,可以采用改进的挖掘结构比如结合内容、结构挖掘的整合结构;Web用户行为模式挖掘过程分为数据预处理、模式挖掘、模式应用三个阶段,这是一个正在发展的研究领域.     

云计算环境中支持隐私保护的数字版权保护方案简

针对云计算环境中数字内容安全和用户隐私保护的需求,提出了一种云计算环境中支持隐私保护的数字版权保护方案。设计了云计算环境中数字内容版权全生命周期保护和用户隐私保护的框架,包括系统初始化、内容加密、许可授权和内容解密4个主要协议;采用基于属性基加密和加法同态加密算法的内容加密密钥保护和分发机制,保证内容加密密钥的安全性;允许用户匿名向云服务提供商订购内容和申请授权,保护用户的隐私,并且防止云服务提供商、授权服务器和密钥服务器等收集用户使用习惯等敏感信息。与现有的云计算环境中数字版权保护方案相比,该方案在保护内容安全和用户隐私的同时,支持灵活的访问控制,并且支持在线和超级分发应用模式,在云计算环境中具有较好的实用性。     

Secure vehicular communication systems: design and architecture

Significant developments have taken place over the past few years in the area of vehicular communication systems. Now, it is well understood in the community that security and protection of private user information are a prerequisite for the deployment of the technology. This is so precisely because the benefits of VC systems, with the mission to enhance transportation safety and efficiency, are at stake. Without the integration of strong and practical security and privacy enhancing mechanisms, VC systems can be disrupted or disabled, even by relatively unsophisticated attackers. We address this problem within the SeVeCom project, having developed a security architecture that provides a comprehensive and practical solution. We present our results in a set of two articles in this issue. In this first one, we analyze threats and types of adversaries, identify security and privacy requirements, and present a spectrum of mechanisms to secure VC systems. We provide a solution that can be quickly adopted and deployed. In the second article we present our progress toward the implementation of our architecture and results on the performance of the secure VC system, along with a discussion of upcoming research challenges and our related current results.